Policy

1. GENERAL INFORMATION
2. DATA CATEGORIES
3. ORIGIN OF THE DATA
4. PROCESSING PURPOSES
5. LAWFULNESS OF PROCESSING
6. CATEGORIES OF RECIPIENTS
7. DURATION OF DATA STORAGE
8. DATA SECURITY
9. SPECIFIC INFORMATION ON DATA PROCESSING ON OUR WEBSITES
10. YOUR RIGHTS

1. GENERAL INFORMATION

1.1 SCOPE
Hyperganic Group GmbH (together with its subsidiaries hereinafter referred to as "HYPERGANIC" or “we”) as operator of the website www.hyperganic.com treats personal and business data confidentially and in accordance with the statutory data protection provisions and on the basis of this privacy policy. The legal basis can be found, in particular, in the EU General Data Protection Regulation (GDPR) and in the German Federal Data Protection Act (FDPA).

This HYPERGANIC Privacy Policy ("Privacy Policy") describes how we collect, process, and disclose information related to you as a natural person (“Personal Data”), and what rights you have with respect to the processing of your Personal Data. Please note that this website offer is directed exclusively at commercially interested parties (B2B). We therefore ask you to provide us only with your business data (e.g. corporate/business email address or corporate/business phone number).

Under the prerequisite that we act as Controller, this Privacy Policy applies when you:

• • visit any of our websites or social media pages,
• • access or use any of our applications or platforms or other digital offerings (such as user forums on our websites or platforms),
• • register and/or attend to events hosted or attended by HYPERGANIC,
• • contact our customer support,
• • do business with us, or
• • otherwise interact or communicate with us.

These services are hereinafter collectively referred to as "Services". If you decline to provide your Personal Data or ask us to delete it, you may not be able to access or use the Services.

If you are a candidate for potential employment with HYPERGANIC, the dedicated Privacy Policy for the application process can be found here.

In all these cases, various Personal Data is processed. Personal Data is information that relates to an identified or identifiable natural person (hereinafter "Data Subject").

A person is identified if the identity results directly from the data itself, such as the name of an individual, or if the name is stored directly in connection with the date of birth. A person is identifiable if his or her identity can be established – directly or indirectly – by combining the data with another piece of information.

1.2 CONTROLLER AND CONTACT PERSON FOR DATA PROTECTION
The Controller is the natural or legal person who alone or jointly with others determines the purposes and means of the processing of Personal and Business Data ("Data"). The Controller within the meaning of the GDPR and the applicable national data protection laws (esp. FDPA) and other data protection provisions is:

Hyperganic Group GmbH
Georgenstr. 38
80799 Munich
Germany

Legal representative: Lin Kayser

You can reach the data protection officer at privacy@hyperganic.com

1.3 UPDATE OF THIS PRIVACY POLICY
We may change or substitute this Privacy Policy at any time in our sole discretion. You should check back regularly for the most up-to-date version of this Privacy Policy and whenever you access one of our Services.

2. DATA CATEGORIES

The categories of data we process depend on your interactions with us and may include one or more of the following data categories.

2.1 CONTACT AND BUSINESS DATA
For the use of certain Services, contact data may be processed. Contact data consists of last name, first name, corporate/business email address, corporate/business physical address, corporate/business phone number, country of origin and similar contact information, including in some circumstances usernames and passwords. These may be supplemented by further business data such as position, company name and other similar information.

2.2 COMMUNICATION AND TRANSACTION DATA
Communication data refers to the data resulting from your interaction with us, e.g., emails, direct/chat messages, video meetings or telephone calls, software downloaded, questions asked in user forums, and product interest information. We may also collect registration information related to your attendance at one of our events, including travel information, scheduling information, food preferences or allergies, and accessibility requests.

2.3 DEVICE AND BROWSER DATA
When you visit or use one of our websites, platforms or applications, online and technical information from your computer or mobile device may be collected, such as: device type, location, information about the browser type and version, the operating system and version, the ISP or mobile carrier, the IP Address (or proxy server) and geographic areas derived from your IP address, time and date of access, duration of access, referring URL (if any), and identifiers that help us recognize your device and validate that you are a licensed user.

3. ORIGIN OF THE DATA

In most cases, you provide the Data directly to us by accessing one of our websites or by registering and/or using one of the Services. We may also obtain Data from your employer in the context of providing the Services or from third party suppliers, social networks, or partners.

4. PROCESSING PURPOSES

We use the Data collected as described in this Privacy Policy, as specified in any agreement concluded with you, or as disclosed to you in connection with the Services. We do not carry out any statistical evaluation of a data subject’s behavior (profiling); in particular, there is no automated decision-making (see Art. 22 Para. 1 and Para. 4 GDPR and Art. 6 Para. 1(b) and (f) GDPR).

4.1 PROVIDING THE REQUESTED SERVICE
We process your Data to fulfill our contractual obligations to you, including to:

• • provide and deliver products and services (including updates thereto);
• • operate and improve our operations, systems, products and services;
• • understand your preferences to enhance your experience; and
• • provide service and support, such as sending confirmations, invoices, technical notices, updates, security alerts and administrative messages and providing customer support and troubleshooting.

4.2 COMMENTS AND QUESTIONS
If you contact us via our website, via email or in any other way, we process your Data to understand and respond to your request and to provide customer service. In such circumstances, your request might be internally forwarded to the responsible department at HYPERGANIC.

4.3 SALES & MARKETING ACTIVITIES
We may use your corporate/business email address for direct advertising, to communicate news about upcoming events, products, and services, and for surveys according to Art. 6 Para. 1 (a) or (f) GDPR. We also use your corporate/business email address, which we receive in connection with the sale of a product or service, for direct advertising of products or services similar to the ones you ordered.

Our marketing emails permit you to opt-out of receiving further communications by selecting the “unsubscribe” link. In addition, you may opt-out from marketing communication at any time by contacting privacy@hyperganic.com.

4.4 STATISTICS
To improve performance of the Services, to assess and improve the customer and user experience, to identify future opportunities for development of the Services, and to assess capacity requirements, we may analyze aggregated, anonymized or statistical information based on Data (Art. 6 Para. 1 (f) GDPR).

4.5 SECURITY & COMPLIANCE
We may analyze your Data to maintain the security of the Services and facilities, to enforce our terms and conditions; to protect against, investigate and deter fraudulent, unauthorized, or illegal activity; and to avoid and detect attacks on our website or applications or misuse of our Services.

5. LAWFULNESS OF PROCESSING

When we collect and use your Data, we will only do so where at least one of the following applies:

• • We need to process your Data to perform our responsibilities under our contract with you and to provide you with tools and services (see Art.6 Para 1(b) GDPR).
• • We have a legitimate interest to process your Data (see Art.6 Para 1(f) GDPR).
• • You have given consent to process Data (see Art.6 Para. 1(a) GDPR).
• • It is necessary for us to process your Data to comply with a legal obligation (see Art.6 Para. 1(c) GDPR).

6. CATEGORIES OF RECIPIENTS

Your Data may be transferred to affiliates and partners of HYPERGANIC as well as to a limited number of service providers (Processors) that perform processing operations such as data storage, hosting or communication services. These service providers process Data on our instructions only and have implemented state-of-the-art technical and organizational measures to safeguard the processed data. All Processors have been selected carefully and are closely monitored. The following is a list of the names of HYPERGANIC’s key sub-processors and the purposes for which they process Data (as changed from time to time):

Sub-processor	Purpose
Amazon Web Services (AWS)	Cloud infrastructure hosting
Digital Ocean	Cloud infrastructure hosting
Atlassian Jira	Development tracking tool
Microsoft (Office 365)	Email hosting, storage
Slack	Internal communication
Zoom Video Communications	Video telephony software program

When we ask third parties to host or present at certain events, we may forward your Data to the respective third party who may use this data to provide access to the event or may contact you for related marketing purposes.

If Data is transferred to subsidiaries, partners service providers or third parties located outside the European Economic Area (EEA) which are not subject to an adequacy decision by the European Commission we will ensure that such recipient offers an adequate level of data protection, for instance by entering into EU Standard Contractual Clauses (SCCs) and implementing additional safeguards in accordance with legal requirements, or we will ask you for your prior individual consent to such international data transfers.

We may disclose your Data to comply with legal requirements, such as in response to a court order or a subpoena. In such an event, we will use reasonable and lawfully available measures to object to overbroad, unclear or otherwise inappropriate requests for information, and will cooperate with those seeking a protective order unless we are legally prohibited from doing so. We may also share Data with our auditors, attorneys or other advisors under professional obligations of confidentiality in connection with corporate functions.

7. DURATION OF DATA STORAGE

Your Data will be deleted upon your request or as soon as it is no longer required to achieve the purpose for which the Data has been collected, namely, to provide the requested Services. If legal regulations (e.g., by fiscal, commercial, or contractual law) apply that require longer storage of your Data, or if we need your Data to assert legal claims or defend against legal claims, we will store your Data until the expiration of the corresponding storage period or until the settlement of the claims.

Any user account and its related data in applications where we act as Controller will be deleted upon your request or after three years of inactivity.

8. DATA SECURITY

Data is protected by us by means of suitable technical and organizational measures in order to ensure an appropriate level of protection and to safeguard the personal rights of the persons concerned. The measures taken serve, among other things, to prevent unauthorized access to the technical equipment used by us and to protect Data from unauthorized disclosure by third parties. In particular, this website uses SSL or TLS encryption for security reasons and to protect the transmission of confidential content, such as your contact requests that you send to us as the site operator. You can recognize an encrypted connection by the fact that the address line of the browser changes from "http://" to "https://" and by the lock symbol in your browser line. If SSL or TLS encryption is activated, the data you transmit to us cannot be read by third parties. Nevertheless, we would like to point out that data transmission on the internet (e.g. when communicating by e-mail) can have security gaps. A complete protection of the data against access by third parties is therefore not possible.

9. SPECIFIC INFORMATION ON DATA PROCESSING ON OUR WEBSITES

9.1 CALLING UP AND VISITING OUR WEBSITE – SERVER LOG FILES
For the purpose of the technical provision of the website, it is necessary that we process certain information automatically transmitted by your browser so that our website can be displayed in your browser and you can use the website. This information is automatically collected each time our website is called up and automatically stored in so-called server log files. These are:

• • Browser type and browser version
• • Operating system used
• • Website from which the access is made (referrer URL)
• • Host name of the accessing computer
• • Date and time of access
• • IP address of the requesting computer

The storage of the aforementioned access data is necessary for technical reasons to provide a functional website and to ensure system security. This also applies to the storage of your IP address, which is necessary and, under further conditions, can at least theoretically enable an assignment to your company or person. In addition to the above-mentioned purposes, we use server log files exclusively for the needs-based design and optimization of our Internet offering purely statistically and without any inference to your person. This data is not merged with other data sources, nor is the data evaluated for marketing purposes.

Insofar as you visit our website in order to obtain information about our range of products and services or to use them, the legal basis for the temporary storage and processing of the access data is Art. 6 Para. 1 (b) GDPR, which permits the processing of data for the performance of a contract or for the implementation of pre-contractual measures. In addition, Art. 6 Para. 1 (f) GDPR serves as the legal basis for the temporary storage of technical access data. Our legitimate interest here is to be able to provide you with a technically functioning and user-friendly website and to ensure the security of our systems.

9.2 COOKIES – SESSION IDS
Cookies are text files that are stored on a computer system via an internet browser. There are different categories of cookies, mainly (i) technical cookies necessary for the basic website functionality, (ii) functional cookies that enhance functions and performance and (iii) analyzing/marketing cookies that track website activity.

On our websites, we only use so-called session IDs or session tokens. A session ID is a unique identifier that a website assigns to a specific user for the duration of the session, to keep track of visitor activity for user authentication purposes. A session ID is a technical cookie which is necessary for the functionality of the website and is automatically deleted once the user ends the session.

Apart from that, we have designed our websites so that no cookies are used. A tracking or analysis is also not carried out.

9.3 NEWSLETTER - MAILCHIMP
When you sign up for our newsletter, you submit to us your first name, last name and corporate/business email address and give us the right to contact you by email (Art. 6 Para. 1 (a) GDPR). We use the data stored as part of the registration for the newsletter exclusively for our newsletter.

If you unsubscribe from the newsletter - you will find the link for this at the very bottom of each newsletter - we will delete all data that was stored with the newsletter registration.

We send newsletters with MailChimp and use functions of the newsletter service MailChimp of the company The Rocket Science Group, LLC, 675 Ponce de Leon Ave NE, Suite 5000, Atlanta, GA 30308 USA on this website to collect newsletter registrations.

GENERAL INFORMATION ABOUT MAILCHIMP
Rocket Science Group LLC (MailChimp) maintains online platforms that allow our users to stay in touch with their subscribers, primarily via email. They allow users to upload email addresses and other subscriber profile information, such as name, physical address, and other demographic information, to the MailChimp database. This information is used to send emails and enable the use of certain other MailChimp features for those users. In accordance with its published privacy policy, MailChimp shares some information with third-party vendors to provide and support the services MailChimp offers to users. MailChimp also shares some information with third-party advertising partners to better understand users' needs and interests in order to provide more relevant content and targeted advertising to those users and other users.

NEWSLETTER SIGNUP
If you sign up for our newsletter on our website, the data you enter will be stored by MailChimp.

DELETION OF YOUR DATA
You can withdraw your consent to receive our newsletter at any time within the email received by clicking on the link at the bottom. Once you have unsubscribed by clicking on the unsubscribe link, your data will be deleted from MailChimp.

NEWSLETTER EVALUATION
When you receive a newsletter via MailChimp, information such as IP address, browser type and email program is stored to give us information about the performance of our newsletter. MailChimp can determine if the email has arrived, if it has been opened and if links have been clicked by means of images called web beacons (details can be found at https://kb.mailchimp.com/reports/about-open-tracking) integrated in the HTML emails. All this information is stored on MailChimp's servers, not on this website.

You can learn more about MailChimp's use of cookies at https://mailchimp.com/legal/cookies/, and you can read information about MailChimp's privacy policy (Privacy) at https://mailchimp.com/legal/privacy/.

MAILCHIMP DATA PROCESSING AGREEMENT
We have concluded a data processing addendum (DPA), including Standard Contractual Clauses (SCC), with MailChimp. This contract serves to safeguard your Data and ensures that MailChimp adheres to the applicable data protection regulations and does not pass on your Data to third parties.

You can find more information about this contract at https://mailchimp.com/de/legal/data-processing-addendum/.

9.4 IP GEOLOCATION
We use a program on our website to locate your location via IP address. This program is used to display the website in the language relevant to you. Your location is determined by a service provider to whom only your current IP address is transmitted. As a result, the service provider returns the following data:

City, continent, country, country code, host name at the time of query, IP type, Internet service provider, longitude, latitude, organization, the transmitted IP address, region (state).

With this data we are able to show you the website in the language relevant to you. The data will not be stored by us. Art. 6 Para. 1 (f) GDPR serves as the legal basis for the temporary processing of this data, as our legitimate interest is to be able to provide you with a user-friendly website in the relevant language.

The service provider is: eXTReMe-IP-LOOKUP.COM, Geelvinckssteeg 32, 1017 BE Amsterdam, Netherlands. For more information about the provider's privacy policy, please click here https://extreme-ip-lookup.com/terms-privacy.

9.5 YOUTUBE
Our website uses plugins of the video platform YouTube to embed videos and play them directly on our website. The operator of the video platform is YouTube, LLC, 901 Cherry Ave, San Bruno, CA 94066, USA ("YouTube"). YouTube is an affiliated company of Google Inc. (1600 Amphitheatre Parkway, Mountain View, CA 94043, USA; "Google").

The integration of YouTube videos takes place in the so-called "extended data protection mode", which, according to the provider, only initiates the storage of user information when the video(s) is/are played. However, the transfer of data to YouTube partners is not necessarily excluded by the extended data protection mode. Thus, YouTube establishes a connection to the Google DoubleClick network - regardless of whether you watch a video.

When you activate embedded videos on our website, a connection to YouTube's servers is established and a data transmission is started. We have no influence on the scope and content of the data that is transmitted to YouTube and possibly other partners of YouTube by activating the plugin. Among other things, the YouTube server is informed which of our pages you have visited. According to YouTube, this information is used, among other things, to collect video statistics, improve user-friendliness and prevent abusive behavior. YouTube uses cookies to collect information about user behavior. The cookies remain on your terminal device until you delete them. You can prevent YouTube from storing cookies by making the appropriate settings in your browser software (see above).

If you are logged into your YouTube account, you enable YouTube to assign your surfing behavior directly to your personal profile. You can prevent this by logging out of your YouTube account before activating the play button.

YouTube is used in the interest of an appealing presentation of our online offers. This represents a legitimate interest within the meaning of Art. 6 Para. 1 (f) GDPR.

For more information on the handling of user data, please refer to YouTube's privacy policy at: https://policies.google.com/privacy?hl=en&gl=en.

9.6 SPOTIFY
On our pages, functions of the music service Spotify are integrated. The provider is Spotify AB, Birger Jarlsgatan 61, 113 56 Stockholm in Sweden. You can recognize the Spotify plugins by the green logo on our site. An overview of the Spotify plugins can be found at: https://developer.spotify.com. This allows a direct connection between your browser and the Spotify server to be established via the plugin when you visit our pages. Spotify thereby receives the information that you have visited our site with your IP address. If you click the Spotify button while logged into your Spotify account, you can link the content of our pages on your Spotify profile. This allows Spotify to associate the visit to our pages with your user account. If you do not want Spotify to be able to associate the visit to our pages with your Spotify user account, please log out of your Spotify user account.

The processing is done to enable you to learn more about us via HYPERGANIC related podcasts.

The processing is necessary to protect the overriding legitimate interests of the controller (Art. 6 Para. 1(f) GDPR). Our legitimate interest lies in the purpose named in the previous paragraph.

Spotify transmits, processes and stores data about our users on servers located in several countries. For more information, please see Spotify's privacy policy: https://www.spotify.com/de/legal/privacy-policy.

9.7 SOCIAL NETWORKS

• 9.7.1 DESCRIPTION OF PROCESSING
  Our website does not use any so-called social media plugins. However, our profiles within the social networks Facebook, Twitter, Instagram and LinkedIn also represent data processing. If you are logged into the respective social network when you visit such a profile, this information will be assigned to your user account there. If you interact with our profile, e.g. "share", "like" or "retweet" a post, this information will also be stored in your user account. Via the so-called "Insights" of our Facebook page, we have the possibility to obtain statistical data. These statistics are provided by Facebook. The "Insights function" cannot be disabled. We cannot decide to turn this function on or off. It is available to all Facebook Fan Page operators, regardless of whether you use Facebook's Insights feature or not. We are provided with data for a selectable period of time and for the following groups of affected persons: Fans, Subscribers, Reached People, and Interacting People. These are the following categories of Data: Total page views, "likes" including origin, page activity, post interactions, reach, post reach (divided into organic, viral and paid interactions), comments, shared content, replies, as well as demographic evaluations, i.e. country of origin, gender and age. Due to the Facebook Terms of Use - which every user must have agreed to in order to use Facebook - it is possible for us to identify subscribers and fans of our site and to view their profiles. The social networks with which you communicate store your data using pseudonyms as usage profiles and use them for advertising purposes and market research. For example, you may be shown advertisements within the social network and on other third-party websites that match your presumed interests. For this purpose, cookies are usually used, which the social network stores on your terminal device. You have a right to object to the creation of these user profiles, which you must exercise by contacting the social networks directly.


• 9.7.2 PURPOSE
  We maintain profiles on the aforementioned social networks for the purpose of timely and supportive public relations and corporate communication with customers and interested parties. We use the "Facebook Insights" function to make our posts on our Facebook page more attractive to our visitors. For example, we can use visitors' favorite visiting times to optimize the timing of our posts.


• 9.7.3 LEGAL BASIS
  The legal basis for data processing in the context of our profiles on social networks is the protection of our overriding legitimate interests (Art. 6 Para. 1 (f) GDPR). Our legitimate interest lies in the purpose named in section 2.7.2. If you are asked by us for consent in the context of a cookie banner or cookie consent tool, the legal basis is Art. 6 Para. 1) (a) GDPR. Such consent is voluntary. If you are asked for consent by the respective operator of a social network, the legal basis is Art. 6 Para. 1(a) GDPR.


• 9.7.4 FURTHER INFORMATION ON THE SOCIAL NETWORKS
  The respective social networks are operated by the companies listed below. Further information on data protection with regard to our profile on the social networks can be found in the linked data protection provisions.
  
  Facebook:
  Facebook Inc., 1601 S California Ave, Palo Alto, California 94304, USA. Privacy policies:
  http://www.facebook.com/policy.php
  http://www.facebook.com/help/186325668085084
  http://www.facebook.com/about/privacy/your-info-on-other#applications
  http://www.facebook.com/about/privacy/your-info#everyoneinfo.
  
  Twitter:
  Twitter Inc., 1355 Market St, Suite 900, San Francisco, California 94103, USA; Privacy policies: https://twitter.com/privacy.
  
  Instagram:
  Instagram LLC, 1601 Willow Rd, Menlo Park, California 94025, USA; Privacy policies: https://help.instagram.com/155833707900388/.
  
  LinkedIn:
  LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Irland; Privacy policies: https://www.linkedin.com/legal/privacy-policy.
  

9.8 LINKS TO OFFERINGS OF THIRD PARTIES
Websites as well as services of other providers linked to from this website were and are designed and provided by third parties. We have no influence on the design, content and function of these third-party services. We expressly distance ourselves from all content of all linked third-party services. Please note that the third-party services linked from this website may install their own cookies on your terminal device or collect Data. We have no influence on this. Please inform yourself directly with the providers of these linked third-party offers.

10. YOUR RIGHTS

Upon request, we will inform you whether and which data we have stored about you. Insofar as the legal requirements are met, you have the right to have this data corrected, blocked or deleted. You also have the right to receive Data which you have provided to us, in a structured, commonly used, and machine-readable format and have the right to transmit those data to another Controller under conditions and in accordance with the Regulation.

Insofar as we process your data on the basis of the balancing of interests, you have a right of objection if the legal requirements are met.

Where we are relying on consent to process your Data you may withdraw your consent at any time for the future. However, this will not affect the lawfulness of any processing carried out before you withdraw your consent.

You may exercise your rights by contacting us in writing, with a proof of your identity, at privacy@hyperganic.com.

If you are resident of the EU, you also have the right to direct questions or complaints to the lead supervisory authority.